CN107534609B - Method, apparatus and storage medium for service function chaining - Google Patents

Publication number: CN107534609B
Authority: CN (China)
Prior art keywords: service function, packet, mac address, source mac, processor
Legal status: Active
Application number: CN201680022813.8A
Other languages: Chinese (zh)
Other versions: CN107534609A (en)
Inventors: S.坦德, J.瓦卡罗, R.埃彻伯格
Current Assignee: Hewlett Packard Development Co LP
Original Assignee: Hewlett Packard Development Co LP
Application filed by Hewlett Packard Development Co LP
Publication of CN107534609A
Application granted
Publication of CN107534609B

Abstract

An example computing system includes a processor and a non-transitory medium having instructions stored thereon. The instructions, when executed, cause the processor to: receive a packet including a source Media Access Control (MAC) address and determine, based on a first field of bits of the source MAC address, a service function chain identifier corresponding to a service function chain for the packet. The instructions further cause the processor to: determine a service function index corresponding to a service function for the packet based on a second field of bits of the MAC address, determine a tunnel identifier corresponding to a tunnel for the packet based on a third field of bits of the source MAC address, and determine an action value for the packet based on a fourth field of bits of the source MAC address.

Description

Method, apparatus and storage medium for service function chaining
Background
A computing device may transmit a packet via a network. The network packet may include source and destination Media Access Control (MAC) addresses.
Drawings
Certain examples are described in the following detailed description and with reference to the accompanying drawings, in which:
FIG. 1 is a conceptual diagram of an example computing device that may execute a service function chain;
FIG. 2 is another conceptual diagram of an example computing system that may execute a service function chain;
FIG. 3 is a flow diagram of an example method for executing a service function chain;
FIG. 4 is a flow diagram of an example method for executing a service function chain;
FIG. 5 is a block diagram of an example for executing a service function chain; and
FIG. 6 is a block diagram of an example for executing a service function chain.
Detailed Description
Service Function Chaining (SFC) is an increasingly popular method of providing network services. Service function chaining routes packets through multiple service functions. As an example, a service function chain may include firewall services and Intrusion Protection Services (IPS). In this example, packets that are part of the service function chain may be routed first to the firewall and then to the IPS.
One way to enable service function chaining is to use MAC (media access control) chaining. In MAC chaining, a MAC-chaining-compatible network device (e.g., a switch, router, or network appliance) determines that a packet is part of a service function chain. The network device then modifies the source and destination MAC addresses of the packet such that the packet is transmitted to the particular service function whose address is specified by the modified destination address. After the service function executes on the packet, the switch or router modifies the destination MAC address of the packet so that the packet is transmitted to a subsequent function in the chain of service functions. A MAC-chaining-compatible network device repeatedly modifies the MAC address of a packet until the packet has traversed each service function of the chain. The packet is then transmitted to the source network device that originated the packet.
For a campus environment (i.e., a network environment in which heterogeneous network devices exist), a layer 3 (L3) gateway may recover the destination MAC address of a packet once the packet has traversed each service of the chain. Requiring an L3 gateway is not appropriate for such campus environments. Furthermore, MAC chaining may impose a large memory overhead on the network switching/routing device.
The techniques of this disclosure enable MAC chaining while also preserving the destination MAC address. The techniques of this disclosure store SFC information in portions of the source MAC address. Further, a compatible network device implementing the techniques of this disclosure stores a tunnel ID (identifier), an SFC ID, an index of a next service function to which a packet is to be transmitted, and an action for the packet in a source MAC address of the packet.
FIG. 1 is a conceptual diagram of an example computing system that may execute a service function chain. A computing system 100 is illustrated in FIG. 1. The computing system 100 includes a device 102, which may include switches, routers, brouters, software defined network devices, networking appliances, and the like. The device 102 includes a processor 104 and a non-transitory medium containing instructions stored thereon that, when executed, cause the processor to perform certain functions.
The processor 104 may include a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like. The processor 104 may include any combination of the foregoing. The processor 104 may also include one or more virtual devices, such as virtual processors of one or more virtual machines. The medium 106 may include software, firmware, non-volatile memory, and the like. The medium 106 may also be any combination of the aforementioned types of media. The processor 104 executes instructions on the medium 106.
The processor 104 receives the packet 108, for example, via a network interface of the device 102. In some examples, the network interface may include one or more virtual network interfaces. Packet 108 includes a source MAC address 110. The source MAC address 110 may comprise a MAC address in accordance with an Institute of Electrical and Electronics Engineers (IEEE) 802 format. In various examples, source MAC address 110 may be a 48-bit field of packet 108.
In the example of FIG. 1, the source MAC address 110 may include an action value 112, an SFC Identifier (ID) 116, a service function index ("SF index") 118, and a tunnel identifier 114. Action value 112 may indicate an action for packet 108. As an example, the action value 112 may indicate that the packet 108 should stop being processed by the service function chain. In some examples, the action value 112 may indicate a block flow, a block device, a rate limit, or another action that should be performed on the packet 108.
The SFC ID 116 identifies the particular service function chain associated with the packet 108. The SFC includes one or more service functions that the network device(s) apply to the packet 108. As an example, the service function chain may include firewall service functions followed by anti-intrusion system service functions.
The SF index 118 corresponds to an index of a particular service function of the service function chain indicated by the value of the SFC ID 116. For example, SF index 118 may indicate a particular service to be performed or that has been performed on packet 108.
Tunnel ID 114 indicates the particular tunnel associated with packet 108, that is, the particular tunnel through which the packet 108 entered the SFC. In response to the packet 108 completing the associated SFC, a device (such as device 102) may use the tunnel ID 114 to determine the source network device. Device 102 may transmit packet 108 to the determined source network device. In various examples, the action value 112, tunnel ID 114, SFC ID 116, and SF index 118 may include fields of bits of the source MAC address 110. The size of the bit fields of action value 112, tunnel ID 114, SFC ID 116, and SF index 118 may be variable to accommodate different SFC configurations.
The device 102 stores the action value 112, the tunnel ID 114, the SFC ID 116, and the SF index 118 in the source MAC address 110 to perform the service function chain. By storing the aforementioned fields in the source MAC address 110, the device 102 may be able to determine the service function chain associated with the packet 108, the current service function in the service function chain, and the action (if any) to be performed on the packet 108. Once the packet 108 has traversed the service functions of the service function chain, the device 102 may also be able to determine the source network device associated with the packet 108 and transmit the packet 108 to it.
By storing SFC data in a source MAC address as described herein, the techniques of this disclosure enable compatibility with campus environments, L3 gateway traversal, and transparency with respect to legacy appliance middleboxes that do not support MAC address chaining. Furthermore, the variable number of bits that can be allocated to the various SFC-related fields in the source MAC address allows the SFC techniques of the present disclosure to scale to hundreds or thousands of service chains on a single SFF and support hundreds of service functions per chain. Further, the action field supports out-of-band signaling from service functions, such as block flow and/or device signaling.
Thus, in accordance with examples of the present disclosure, device 102 includes a medium 106 on which instructions are stored. The instructions, when executed, cause the processor 104 to: receive a packet 108 including a source MAC address 110, and determine a service function chain identifier 116 corresponding to a service function chain for the packet 108 based on a first field of bits of the source MAC address 110.
The instructions further cause the processor to: determine a service function index (e.g., service function index 118) corresponding to a service function for the packet based on a second field of bits of the source MAC address 110, determine a tunnel identifier (e.g., tunnel identifier 114) corresponding to a tunnel for the packet based on a third field of bits of the source MAC address, and determine an action value (e.g., action value 112) for the packet 108 based on a fourth field of bits of the source MAC address.
FIG. 2 is another conceptual diagram of an example computing system that may execute a service function chain. Fig. 2 illustrates a computing system 200. Computing system 200 includes device 102 and packet 108 as in fig. 1. Further, computing system 200 includes a service function controller 202, rules 204, service function chains 210, service functions 212, and source device 206.
In various examples, service function controller 202 may comprise a Software Defined Networking (SDN) controller. The service function controller 202 may define a service function chain and corresponding identifier, a service function of the service function chain, and a tunnel identifier of the service function chain. The service function controller 202 may also define possible action values within the service function chain. In various examples, service function controller 202 may support various communication protocols, such as OpenFlow. Service function controller 202 may generate rules 204. Based on the rules 204, the device 102 may determine the action value 112, the service function chain ID 116, the service function index 118, and the tunnel ID 114.
In the example of fig. 2, the device 102 transmits the packet 108 through the SFC 210 that includes the service function 212. As described above, an example SFC may include a firewall service function and an IPS service function. Each service function 212 may include different services that one or more network devices may perform. For example, one or more network devices may perform firewall service functions. The same or different network device or devices may perform the IPS service function.
In various examples, device 102 may transmit packet 108 to one of service functions 212 based on SF index 118. In various examples, the device 102 may modify a field of the source MAC address 110 in response to the packet 108 completing one of the service functions 212 of the SFC 210. As an example, device 102 may modify the value of SF index 118 to indicate that packet 108 is to be processed by a subsequent one of service functions 212. In some examples, device 102 may increment the value of SF index 118 in response to packet 108 completing one of service functions 212. In response to modifying the value of SF index 118, device 102 may transmit packet 108.
In response to the packet 108 traversing the service functions 212 of the SFC 210, the device 102 may receive the packet 108 and perform additional operations on the packet 108. In some examples, device 102 may transmit packet 108 to the source network device indicated by tunnel ID 114 (e.g., source device 206). Source device 206, which originates packet 108, may comprise a switch, router, or any other network device as described herein.
In various examples, device 102 may also store client ID 214 in packet 108. The client ID 214 may identify the device that originally sent the packet 218. In response to receiving the packet 108, the device 102 may store the source MAC address 110 in a lookup table keyed, e.g., by the client ID 214, with the device 102 associating the client ID 214 with each stored MAC address. In this manner, when the packet 108 completes the traversal of the service function chain (e.g., the service functions 212 of the SFC 210), the device 102 can recover the original source MAC address based on the association between the client ID 214 stored in the packet 108 and the corresponding source MAC address.
FIG. 3 is a flow diagram of an example method for executing a service function chain. Fig. 3 includes a method 300. Method 300 may be described below as being performed or carried out by a system, such as computing system 100 (fig. 1) or computing system 200 (fig. 2). In various examples, method 300 may be performed by hardware, software, firmware, or any combination thereof. Other suitable systems and/or computing devices may also be used. The method 300 may be implemented in the form of executable instructions stored on a machine-readable storage medium of at least one system and executed by at least one processor of the system. In various examples, the machine-readable storage medium is non-transitory. Alternatively or additionally, the method 300 may be implemented in the form of electronic circuitry (e.g., hardware). In alternative examples of the disclosure, one or more blocks of method 300 may be performed substantially concurrently or in a different order than shown in fig. 3. In alternative examples of the disclosure, the method 300 may include more or fewer blocks than shown in fig. 3. In some examples, one or more of the blocks of method 300 may be ongoing at certain times and/or may repeat.
Method 300 may begin at block 302, at which point a computing device, such as device 102, may receive a packet, such as packet 108. At block 304, device 102 may store a value indicative of a tunnel identifier of the packet, such as tunnel ID 114, in a source MAC address of the packet (e.g., source MAC address 110). In some examples, the tunnel identifier may indicate a source device associated with the packet, such as source device 206.
At block 306, the device 102 may store a value in the source MAC address indicating the service function chain of the packet (e.g., SFC ID 116), which may indicate that the packet 108 is associated with the SFC 210. At block 308, the device 102 may store an index value (e.g., SF IDX 118) in the source MAC address indicating the service function of the service function chain for the packet. In various examples, the SF IDX 118 may indicate one of the service functions 212. At block 310, the device 102 may transmit the packet, i.e., the packet 108.
FIG. 4 is a flow diagram of an example method for executing a service function chain. FIG. 4 includes a method 400. The method 400 may begin at block 402. At block 402, a computing device (device 102) may receive a packet, such as packet 108. At block 404, the device 102 may store a value indicative of a tunnel identifier of the packet, such as the tunnel ID 114, in a source MAC address of the packet (e.g., the source MAC address 110). In some examples, the tunnel identifier may indicate a source device associated with the packet, such as source device 206.
At block 406, the device 102 may store a value in the source MAC address indicating the service function chain of the packet (e.g., the SFC ID 116), which may indicate that the packet 108 is associated with the SFC 210 (illustrated in FIG. 2). At block 408, the device 102 may store an index value (e.g., SF IDX 118) in the source MAC address indicating the service function of the service function chain for the packet. The SF IDX 118 may indicate one of the service functions 212 in various examples. In some examples, storing the index value indicative of the service function may include incrementing the value indicative of the service function. In various examples, the value indicative of the service function chain and the index value indicative of the service function may be based on rules received from a Service Function Controller (SFC).
At block 410, the device 102 may store a value indicating an action for the packet (e.g., action value 112) in the source MAC address. In various examples, the value indicating the tunnel identifier may include a first field of bits of the source MAC address, the value indicating the service function chain may include a second field of bits of the source MAC address, the index value indicating the service function may include a third set of bits, and the value indicating the action for the packet may include a fourth set of bits.
At block 412, the device 102 may transmit the packet, i.e., the packet 108. In some examples, the packet 108 may traverse the service functions 212 of the SFC 210. At block 414, in response to the packet completing the service function chain, the device 102 may transmit the packet (e.g., the packet 108) to the source network device (e.g., the source device 206) indicated by the tunnel identifier.
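The following Python illustration is an added example, not code from the patent: it packs the four fields of method 400 into a 48-bit source MAC, advances the SF index after each service function, and restores the original source MAC from the client-ID lookup table described for FIG. 2. The field widths, the fixed 0x02 first octet (chosen so the rewritten address stays a valid unicast source address), the numeric action codes, and the names SfcLayout and ChainIngress are all assumptions.

```python
from dataclasses import dataclass

PREFIX = 0x02          # assumed first octet: locally administered, unicast
ACTION_NONE = 0        # assumed action codes; the patent names the actions
ACTION_BLOCK_FLOW = 1  # (e.g. block flow) but assigns them no values


@dataclass(frozen=True)
class SfcLayout:
    """Assumed split of the 40 bits after PREFIX; the widths are configurable."""
    action_bits: int = 4
    tunnel_bits: int = 12
    sfc_id_bits: int = 16
    sf_index_bits: int = 8

    def __post_init__(self):
        widths = [w for _, w in self._fields()]
        if min(widths) < 1 or sum(widths) != 40:
            raise ValueError("field widths must be positive and total 40 bits")

    def _fields(self):
        return (("action", self.action_bits), ("tunnel_id", self.tunnel_bits),
                ("sfc_id", self.sfc_id_bits), ("sf_index", self.sf_index_bits))

    def encode(self, action, tunnel_id, sfc_id, sf_index):
        values = dict(action=action, tunnel_id=tunnel_id,
                      sfc_id=sfc_id, sf_index=sf_index)
        word = PREFIX
        for name, width in self._fields():
            if not 0 <= values[name] < (1 << width):
                raise ValueError(f"{name}={values[name]} does not fit in {width} bits")
            word = (word << width) | values[name]
        return ":".join(f"{b:02x}" for b in word.to_bytes(6, "big"))

    def decode(self, mac):
        raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
        if len(raw) != 6 or raw[0] != PREFIX:
            raise ValueError(f"{mac!r} is not an SFC-encoded source MAC")
        word, out = int.from_bytes(raw[1:], "big"), {}
        for name, width in reversed(self._fields()):  # peel fields off the low end
            out[name] = word & ((1 << width) - 1)
            word >>= width
        return out


class ChainIngress:
    """Rewrites the source MAC on chain entry and restores it on chain exit."""

    def __init__(self, layout, chain_lengths):
        self.layout = layout
        self.chain_lengths = chain_lengths  # sfc_id -> number of service functions
        self.original_src = {}              # client_id -> original source MAC

    def enter(self, packet, sfc_id, tunnel_id):
        # Remember the real source MAC, then overwrite it with the SFC fields.
        self.original_src[packet["client_id"]] = packet["src_mac"]
        mac = self.layout.encode(ACTION_NONE, tunnel_id, sfc_id, 0)
        return {**packet, "src_mac": mac}

    def after_service_function(self, packet):
        """Return (packet, next_hop) once a service function hands the packet back."""
        f = self.layout.decode(packet["src_mac"])
        if f["sfc_id"] not in self.chain_lengths:
            raise ValueError(f"unknown service function chain {f['sfc_id']}")
        if f["action"] == ACTION_BLOCK_FLOW:
            self.original_src.pop(packet["client_id"], None)
            return None, ("drop", None)
        if f["sf_index"] + 1 >= self.chain_lengths[f["sfc_id"]]:
            # Chain complete: restore the saved MAC, send back through the tunnel.
            restored = self.original_src.pop(packet["client_id"])
            return {**packet, "src_mac": restored}, ("tunnel", f["tunnel_id"])
        f["sf_index"] += 1
        return {**packet, "src_mac": self.layout.encode(**f)}, ("sf", f["sf_index"])


# Constructed sample: chain 7 has two service functions (firewall, then IPS).
SAMPLE_PACKET = {"client_id": 42, "src_mac": "3c:52:82:11:22:33",
                 "dst_mac": "00:1b:21:aa:bb:cc"}
```

The destination MAC is never touched, which is the property the disclosure relies on to avoid an L3 gateway.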
FIG. 5 is a block diagram of an example for executing a service function chain. In the example of fig. 5, system 500 includes a processor 510 and a machine-readable storage medium 520. Although the following description refers to a single processor and a single machine-readable storage medium, the description may also apply to a system having multiple processors and multiple machine-readable storage media. In such examples, the instructions may be distributed (e.g., stored) across multiple machine-readable storage media, and the instructions may be distributed (e.g., executed) across multiple processors.
Processor 510 may be one or more Central Processing Units (CPUs), microprocessors, and/or other hardware devices suitable for retrieval and execution of instructions stored in machine-readable storage medium 520. In the particular example shown in fig. 5, the processor 510 may fetch, decode, and execute instructions 522, 524, 525, 528, 530 to execute service function chains.
As an alternative or in addition to retrieving and executing instructions, processor 510 may include one or more electronic circuits comprising several electronic components for performing the functions of one or more of the instructions in machine-readable storage medium 520. With respect to executable instruction representations (e.g., blocks) described and illustrated herein, it is to be understood that some or all of the executable instructions and/or electronic circuitry included within a block may, in alternative examples, be included within different blocks shown in the figures or within different blocks not shown.
The machine-readable storage medium 520 may be any electronic, magnetic, optical, or other physical storage device that stores executable instructions. Thus, the machine-readable storage medium 520 may be, for example, Random Access Memory (RAM), electrically erasable programmable read-only memory (EEPROM), non-volatile memory, a storage drive, an optical disk, and so forth. The machine-readable storage medium 520 may be disposed within the system 500, as shown in FIG. 5. In various examples, the machine-readable medium 520 is non-transitory. In this case, the executable instructions may be "installed" on the system 500. Alternatively, the machine-readable storage medium 520 may be, for example, a portable, external or remote storage medium that allows the system 500 to download instructions from the portable/external/remote storage medium.
Referring to fig. 5, packet receiving instructions 522, when executed by a processor (e.g., processor 510), may cause processor 510 to receive a packet. The service function chain storage instructions 524, when executed, may cause the processor 510 to store a service function chain identifier corresponding to a service function chain of the packet in a first bit field of the source MAC address.
The service function index storage instructions 526, when executed, may cause the processor 510 to store a service function index corresponding to a service function of the service function chain in the second bit field of the source MAC address. Tunnel identifier storage instructions 528, when executed, may cause processor 510 to store a tunnel identifier in a third bit field of a source MAC address, where the tunnel identifier corresponds to a source network device associated with the packet. Action value storing instructions 530, when executed, may cause processor 510 to store an action value (e.g., action value 112) in a fourth bit field of the source MAC address, where the action value indicates an action for the packet.
FIG. 6 is a block diagram of an example for executing a service function chain. In the example of FIG. 6, system 600 includes a processor 610 and a machine-readable storage medium 620. Although the following description refers to a single processor and a single machine-readable storage medium, the description may also apply to a system having multiple processors and multiple machine-readable storage media. In such examples, the instructions may be distributed (e.g., stored) across multiple machine-readable storage media and the instructions may be distributed (e.g., executed) across multiple processors.
Processor 610 may be one or more Central Processing Units (CPUs), microprocessors, and/or other hardware devices suitable for retrieval and execution of instructions stored in machine-readable storage medium 620. In the particular example shown in FIG. 6, the processor 610 may fetch, decode, and execute instructions 622, 624, 626, 628, 630, 632, 634 to execute a service function chain.
As an alternative or in addition to retrieving and executing instructions, the processor 610 may include one or more electronic circuits comprising several electronic components for performing the functions of one or more of the instructions in the machine-readable storage medium 620. With respect to executable instruction representations (e.g., blocks) described and illustrated herein, it is to be understood that some or all of the executable instructions and/or electronic circuitry included within a block may, in alternative examples, be included within different blocks shown in the figures or within different blocks not shown.
The machine-readable storage medium 620 may be any electronic, magnetic, optical, or other physical storage device that stores executable instructions. Thus, the machine-readable storage medium 620 may be, for example, Random Access Memory (RAM), electrically erasable programmable read-only memory (EEPROM), non-volatile memory, a storage drive, an optical disk, and so forth. The machine-readable storage medium 620 may be disposed within the system 600, as shown in FIG. 6. In various examples, the machine-readable medium 620 is non-transitory. In this case, the executable instructions may be "installed" on the system 600. Alternatively, the machine-readable storage medium 620 may be, for example, a portable, external or remote storage medium that allows the system 600 to download instructions from the portable/external/remote storage medium.
Referring to FIG. 6, the packet reception instructions 622, when executed by a processor (e.g., the processor 610), may cause the processor 610 to receive a packet. The rule receiving instructions 624, when executed, may cause the processor 610 to receive a rule for determining a tunnel identifier, a service function chain, a service function, and an action for a packet (e.g., packet 108 of FIG. 1). The value determination instructions 626, when executed, may cause the processor 610 to determine an action value, a service function chain identifier, a service function index, and a tunnel identifier based on the received rule.
The service function chain storage instructions 628, when executed, may cause the processor 610 to store a service function chain identifier corresponding to a service function chain of the packet in a first bit field of the source MAC address. The service function index storage instructions 630, when executed, may cause the processor 610 to store a service function index corresponding to a service function of the service function chain in the second bit field of the source MAC address. Tunnel identifier storage instructions 632, when executed, may cause processor 610 to store a tunnel identifier in a third bit field of a source MAC address, where the tunnel identifier corresponds to a source network device associated with the packet. The action value storage instructions 634, when executed, may cause the processor 610 to store an action value (e.g., action value 112) in a fourth bit field of the source MAC address, where the action value indicates an action for the packet.
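The following is an added example, not code from the patent, of the four-field source MAC encoding described for FIGS. 5 and 6, together with the index increment that moves a packet to the next service function. The field order, the 16/8/16/8-bit widths and all function names are assumptions; the patent leaves the field sizes variable.

```python
# Added illustration: field order, widths and names are assumptions, not the patent's.
from typing import NamedTuple

MAC_BITS = 48


class Fields(NamedTuple):
    chain_id: int   # first bit field: service function chain identifier
    sf_index: int   # second bit field: position within the chain
    tunnel_id: int  # third bit field: identifies the source network device
    action: int     # fourth bit field: action for the packet


# Assumed widths in bits, most significant field first; must total 48.
ASSUMED_WIDTHS = Fields(chain_id=16, sf_index=8, tunnel_id=16, action=8)


def encode(fields: Fields, widths: Fields = ASSUMED_WIDTHS) -> bytes:
    """Pack the four values into a 6-byte source MAC, rejecting overflow."""
    if sum(widths) != MAC_BITS:
        raise ValueError("field widths must total 48 bits")
    value = 0
    for name, width, v in zip(Fields._fields, widths, fields):
        if not 0 <= v < (1 << width):
            # Without this check an oversized value would spill into its neighbour.
            raise ValueError(f"{name}={v} does not fit in {width} bits")
        value = (value << width) | v
    return value.to_bytes(6, "big")


def decode(mac: bytes, widths: Fields = ASSUMED_WIDTHS) -> Fields:
    """Recover the four values from a 6-byte source MAC."""
    if len(mac) != 6 or sum(widths) != MAC_BITS:
        raise ValueError("need a 6-byte MAC and widths totalling 48 bits")
    value = int.from_bytes(mac, "big")
    out = []
    for width in reversed(widths):          # peel fields off the low end
        out.append(value & ((1 << width) - 1))
        value >>= width
    return Fields(*reversed(out))


def advance(mac: bytes, chain_length: int, widths: Fields = ASSUMED_WIDTHS):
    """Increment the service function index; returns (mac, chain_complete)."""
    f = decode(mac, widths)
    if f.sf_index + 1 >= chain_length:
        return mac, True   # chain done: packet goes back via tunnel_id
    return encode(f._replace(sf_index=f.sf_index + 1), widths), False


def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)
```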

Claims (15)

1. A method for communication, comprising:
receiving a packet;
storing, in a source Media Access Control (MAC) address of the packet, a value indicating a tunnel identifier of the packet, wherein the tunnel identifier indicates a source device associated with the packet;
storing a value in the source MAC address indicating a service function chain of the packet;
storing an index value indicating a service function of a service function chain of the packet in the source MAC address; and
transmitting the packet.
2. The method of claim 1, further comprising:
storing, in the source MAC address, a value indicating an action for the packet.
3. The method of claim 2,
wherein the value indicating the tunnel identifier comprises a first field of bits of the source MAC address,
wherein the value indicating the service function chain comprises a second field of bits of the source MAC address,
wherein the index value indicating the service function comprises a third set of bits, and
wherein the value indicating the action for the packet comprises a fourth set of bits.
4. The method of claim 1, wherein the value indicative of the service function chain and the index value indicative of the service function are based on rules received from a Service Function Controller (SFC).
5. The method of claim 1, further comprising:
transmitting the packet to the source network device indicated by the tunnel identifier in response to the packet completing the service function chain.
6. The method of claim 1, wherein storing the index value indicative of the service function comprises incrementing a value indicative of the service function.
7. An apparatus for communication, comprising:
a processor; and
a non-transitory medium having stored thereon instructions that, when executed, cause the processor to:
receive a packet, wherein the packet includes a Media Access Control (MAC) source address;
determine a service function chain identifier corresponding to a service function chain for the packet based on a first field of bits of the source MAC address;
determine a service function index corresponding to a service function for the packet based on a second field of bits of the source MAC address;
determine, based on a third field of bits of the source MAC address, a tunnel identifier corresponding to a tunnel for the packet; and
determine, based on a fourth field of bits of the source MAC address, an action value for the packet.
8. The device of claim 7, wherein the medium comprises instructions that, when executed, cause the processor to:
transmit the packet to the corresponding service function.
9. The device of claim 8, wherein the medium comprises instructions that, when executed, cause the processor to:
receive a packet from a service function;
modify the service function index of the second field of bits to indicate a subsequent service function of the service function chain; and
transmit the packet to a subsequent service function.
10. The device of claim 7, wherein the medium comprises instructions that, when executed, cause the processor to:
receive a packet from a function of a service function chain in response to executing all functions of the service function chain; and
transmit the packet to the source address based on the tunnel identifier.
11. The apparatus of claim 7, wherein a size of the first field of bits, a size of the second field, a size of the third field, and a size of the fourth field of bits are variable.
12. The device of claim 7, wherein the medium further comprises instructions that, when executed, cause the processor to:
receive a rule from a service function controller; and
determine the service function chain, the service function index, the tunnel identifier, and the action value based on rules received from the service function controller.
13. The device of claim 7, wherein the medium further comprises instructions that, when executed, cause the processor to:
store a client identifier in the source MAC address based on an original value of the source MAC address; and
restore the original value of the source MAC address based on the client identifier in response to the packet completing the service function chain.
14. A non-transitory machine-readable storage medium encoded with instructions that, when executed, cause a processor to:
receive a packet;
store a service function chain identifier corresponding to a service function chain of the packet in a first bit field of the source MAC address;
store a service function index corresponding to a service function of the service function chain in a second bit field of the source MAC address;
store a tunnel identifier in a third bit field of the source MAC address, wherein the tunnel identifier corresponds to a source network device associated with the packet; and
store an action value in a fourth bit field of the source MAC address, wherein the action value indicates an action for the packet.
15. The non-transitory machine-readable storage medium of claim 14, wherein the processor:
receives rules for determining tunnel identifiers, service function chains, service functions and actions; and
determines an action value, a service function chain identifier, a service function index, and a tunnel identifier based on the received rule.
CN201680022813.8A 2016-04-12 2016-04-12 Method, apparatus and storage medium for service function chaining Active CN107534609B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2016/027047 WO2017180098A1 (en) 2016-04-12 2016-04-12 Service function chaining based on mac addresses

Publications (2)

Publication Number Publication Date
CN107534609A CN107534609A (en) 2018-01-02
CN107534609B CN107534609B (en) 2020-10-27

Family

ID=60042634

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680022813.8A Active CN107534609B (en) 2016-04-12 2016-04-12 Method, apparatus and storage medium for service function chaining

Country Status (4)

Country Link
US (1) US20190215268A1 (en)
EP (1) EP3286884B1 (en)
CN (1) CN107534609B (en)
WO (1) WO2017180098A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9979645B2 (en) * 2015-01-14 2018-05-22 Futurewei Technologies, Inc. Hardware and software methodologies for creating and managing portable service function chains
US10097402B2 (en) * 2016-05-11 2018-10-09 Hewlett Packard Enterprise Development Lp Filter tables for management functions
EP3850800A4 (en) * 2018-10-08 2021-09-01 Samsung Electronics Co., Ltd. Method and system for forwarding data packets in a service function path of a network
CN111464443B (en) * 2020-03-10 2022-06-28 中移(杭州)信息技术有限公司 Message forwarding method, device, equipment and storage medium based on service function chain

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014169251A1 (en) * 2013-04-12 2014-10-16 Huawei Technologies Co., Ltd. Service chain policy for distributed gateways in virtual overlay networks
CN105309036A (en) * 2013-05-24 2016-02-03 高通股份有限公司 Mac layer transport for wi-fi direct services application service platform without internet protocol
WO2016041606A1 (en) * 2014-09-19 2016-03-24 Nokia Solutions And Networks Oy Chaining of network service functions in a communication network

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8773999B2 (en) * 2011-10-26 2014-07-08 International Business Machines Corporation Distributed chassis architecture having integrated service appliances
CN103650438B (en) * 2013-06-27 2016-08-10 华为技术有限公司 Flow control methods and equipment
US9363180B2 (en) * 2013-11-04 2016-06-07 Telefonkatiebolaget L M Ericsson (Publ) Service chaining in a cloud environment using Software Defined Networking
US9825856B2 (en) * 2014-01-06 2017-11-21 Futurewei Technologies, Inc. Service function chaining in a packet network
CN104954245B (en) * 2014-03-27 2019-07-16 中兴通讯股份有限公司 Business function chain processing method and processing device
CN105099960B (en) * 2014-04-30 2018-03-16 国际商业机器公司 Method and apparatus for realizing service chaining
US10158568B2 (en) * 2016-02-12 2018-12-18 Huawei Technologies Co., Ltd. Method and apparatus for service function forwarding in a service domain

Also Published As

Publication number Publication date
US20190215268A1 (en) 2019-07-11
EP3286884A4 (en) 2018-03-21
EP3286884B1 (en) 2020-12-02
CN107534609A (en) 2018-01-02
WO2017180098A1 (en) 2017-10-19
EP3286884A1 (en) 2018-02-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant